By the miracle of assistance from the Clerks, I am aware that we have had a debate this morning and that the Minister is now to respond to that debate, which I did not hear, but which I am sure was a full one.
Clause 27

I remind the Committee that with this we are discussing the following:
Amendment 162, in clause27,page17,line5,at end insert—
“(1A) The decision to issue the certificate must be—
(a) approved by a Judicial Commissioner,
(b) laid before Parliament,
(c) published and publicly accessible on the Information Commissioner’s Office website.
(1B) In deciding whether to approve an application under subsection (1), a Judicial Commissioner must review the Minister’s conclusions as to the following matters—
(a) whether the certificate is necessary on relevant grounds,
(b) whether the conduct that would be authorised by the certificate is proportionate to what it sought to be achieved by that conduct, and
(c) whether it is necessary and proportionate to exempt all provisions specified in the certificate.”.
This amendment would ensure that oversight and safeguarding in the application for a National Security Certificate are effective, requiring sufficient detail in the application process.
Amendment 163, in clause27,page17,leave out lines 6 to 8 and insert—
“(2) An application for a certificate under subsection (1)—
(a) must identify the personal data to which it applies by means of a detailed description, and”.
This amendment would require a National Security Certificate to identify the personal data to which the Certificate applies by means of a detailed description.
Amendment 164, in clause27,page17,line9,leave out subsection (2)(b).
This amendment would ensure that a National Security Certificate cannot be expressed to have prospective effect.
Amendment 165, in clause27,page17,line9,at end insert—
“(c) must specify each provision of this Act which it seeks to exempt, and
(d) must provide a justification for both (a) and (b).”.
This amendment would ensure effective oversight of exemptions of this Act from the application for a National Security Certificate.
Amendment 166, in clause27,page17,line10,leave out “directly” and insert
“who believes they are directly or indirectly”.
This amendment would broaden the application of subsection (3) so that any person who believes they are directly affected by a National Security Certificate may appeal to the Tribunal against the Certificate.
Amendment 167, in clause27,page17,line12,leave out
“, applying the principles applied by a court on an application for judicial review,”.
This amendment removes the application to the appeal against a National Security Certificate of the principles applied by a court on an application for judicial review.
Amendment 168, in clause27,page17,line13,leave out
“the Minister did not have reasonable grounds for issuing”
and insert
“it was not necessary or proportionate to issue”.
These amendments would reflect that the Minister would not be the only authority involved in the process of applying for a National Security Certificate.
Amendment 169, in clause27,page17,line16,at end insert—
“(4A) Where a Judicial Commissioner refuses to approve a Minister’s application for a certificate under this Chapter, the Judicial Commissioner must give the Minister of the Crown reasons in writing for the refusal.
(4B) Where a Judicial Commissioner refuses to approve a Minister’s application for a certificate under this Chapter, the Minister may apply to the Information Commissioner for a review of the decision.
(4C) It is not permissible for exemptions to be specified in relation to—
(a) Chapter II of the applied GDPR (principles)—
(i) Article 5 (lawful, fair and transparent processing),
(ii) Article 6 (lawfulness of processing),
(iii) Article 9 (processing of special categories of personal data),
(b) Chapter IV of the applied GDPR—
(i) GDPR Articles 24 – 32 inclusive,
(ii) GDPR Articles 35 – 43 inclusive,
(c) Chapter VIII of the applied GDPR (remedies, liabilities and penalties)—
(i) GDPR Article 83 (general conditions for imposing administrative fines),
(ii) GDPR Article 84 (penalties),
(d) Part 5 of this Act, or
(e) Part 7 of this Act.”.
This amendment would require a Judicial Commissioner to intimate in writing to the Minister reasons for refusing the Minister’s application for a National Security Certificate and allows the Minister to apply for a review by the Information Commissioner of such a refusal.

Louise Haigh: The Minister is absolutely right that the provisions mirror those in the DPA. That is exactly why we take issue with them. They mirror unacceptable preventions of rights in the tribunal appeal process, but do not mirror the rights in the Investigatory Powers Act 2016. Why were safeguards were put in place in that Act, but will not apply in this Bill?

Darren Jones: Before the Minister does that, will she Minister give way?

Louise Haigh: As I have already said, the issue is that the judicial review process for appeal is incredibly narrow and limited. Under section 28 of the DPA, where an individual requests to access his or her data that is subject to a certificate, they will merely be informed that they have been given all the information that is required under the Act. They would not be informed that their data is being withheld on the grounds of a national security certificate. That means that it is impossible for them to know whether they even have the right to appeal under a judicial review, and they do not have the information available to allow them take that judicial review case forward. That is why the amendment is drafted in this way. If the Minister would like, she can suggest some alternative wording that would solve the problem.

Order. I realise that the right hon. Gentleman feels strongly about the issue, but if he wishes to intervene, he must stand. If not, he must remain quiet and take it on the chin.

Members will note that there are a number of clauses on the selection list to which no amendments have been tabled. I propose to start grouping such clauses together in order to speed progress. However, Members still have the right to tell me that they wish to speak to, or vote on, an individual clause.

Order. The hon. Lady has on a number of occasions referred to her officials. She should remember at all times that, as far as the Committee is concerned, there are no officials in this room, even though self-evidently there are.

I hope it is, Mr Byrne.

Ultimately, whether the Minister gives way is a matter for the Minister—that is true for any Member who has the Floor—but it is normal practice to debate aspects of legislation thoroughly. Ultimately, however, it remains the choice of the Minister or any other Member with the Floor whether to give way.

Order. We are debating clause 50 of the Bill, so may I suggest that in all parts of the Committee we focus our minds on the clause?

With this it will be convenient to discuss Government amendment 26.

With this it will be convenient to discuss the following:
Amendment 143, in clause64,page37,line2,leave out “high”.
Amendment 144, in clause64,page37,line15,leave out “is likely to” and insert “may”.
Amendment 145, in clause64,page37,line15,leave out “high”.
Amendment 146, in clause65,page37,line19,leave out subsection (1) and insert—
“(1) This section applies where a controller intends to—
(a) create a filing system and process personal data forming part of it, or
(b) use new technical or organisational measures to acquire, store or otherwise process personal data.”
Amendment 147, in clause65,page37,line23,leave out “would” and insert “could”.
Amendment 148, in clause65,page37,line23,leave out “high”.
Amendment 149, in clause65,page37,line44,at end insert—
“(8) If the Commissioner is not satisfied that the controller or processor (where the controller is using a processor) has taken sufficient steps to remedy the failing in respect of which the Commissioner gave advice under subsection (4), the Commissioner may exercise powers of enforcement available to the Commissioner under Part 6 of this Act.”

Darren Jones: I rise to support the amendments in the name of my hon. Friend the Member for Sheffield, Heeley. I had the pleasure of cross-examining Baroness Williams of Trafford, who is the Minister responsible for some of these issues, on the Select Committee on Science and Technology in our inquiry on the biometric strategy and why there has been such a delay in the Government publishing that document. We had grave concerns about the delay in the strategy, but also about the way in which IT systems and servers in different forces act in different ways, which make things potentially very difficult.
The amendments would add safeguards to legitimate purposes—to prevent them from going too far. They should be welcomed by the Government and included in the Bill. There are a number of situations where, in this developing area of technology, which could be very useful to us as a country, as my hon. Friends have said, we need to ensure that the appropriate safeguards are in place. On facial recognition, we know from information received by the Science and Technology Committee that there is too high a number of facial records on the police national database and other law enforcement databases, when there is no legitimate reason for them to be there. We understand that it is difficult to delete them, but that is, with respect, not a good enough answer.
The Select Committee also heard—I think I mentioned this in an earlier sitting—that we have to be careful about the data that the Government hold. The majority of the adult population already has their facial data on Government databases, in the form of passport and driving licence imagery. When we start talking about the exemptions to being able to share data between different Government functions and law enforcement functions, and the exemptions on top of that for the ability to use those things, we just need to be careful that it does not get ahead of us. I know it is difficult to legislate perfectly for the future, but these safeguards would help to make it a safer place.
I will mention briefly the IMSI-catchers, because that covers my constituency of Bristol North West. It was the Bristol Cable, a local media co-operative of which I am a proud member—I pay £1 a month, so I declare an interest—that uncovered some of the issues around IMSI-catchers with bulk collection of information. It is really important that when we are having debates, as we have had with algorithms and artificial intelligence, that we recognise that human intervention and the understanding of some of these systems is sometimes difficult. There are very few people who understand how algorithms actually work or how the systems actually work. As they become more advanced and learn and make decisions by themselves, the idea of human intervention or a human understanding of that is increasingly difficult.
In a situation where human resource is extremely stretched, such as in the police service, the tendency will understandably be to rely on the decisions of the systems within the frameworks that are provided, because there is not time to do full human intervention properly. That is why the safeguards are so important—to prevent things getting ahead of us. I hope the Government support the amendments, which I think are perfectly sensible.

New clauses 3 and 4 are being considered as part of this group, but would not be voted on until after the consideration of the clauses of the Bill have been completed. If you wish to respond to them, Minister, you can do so now.

Liam Byrne: I want to flag up an issue that we will stumble across in a couple of stand part debates: the safeguards that will be necessary for data sharing between this country and elsewhere. We will come on to the safeguards that will be necessary for the transfer of data between our intelligence agencies and foreign intelligence agencies. Within the context of this clause, which touches on the broad principle of data sharing from here and abroad, I want to rehearse one or two arguments on which Ministers should be well briefed and alert.
Our intelligence agencies do an extraordinary job in keeping this country safe, which sometimes involves the acquisition and use of data that results in the loss of life. All Committee members will be familiar with the drone strike that killed Reyaad Khan and Ruhul Amin, and many of us will have heard the Prime Minister’s assurances in the Liaison Committee about the robust legal process that was gone through to ensure that the strike was both proportionate and legal.
The challenge—the public policy issue that arises under chapter 5 of the Bill—is that there is a number of new risks. First, there is the legal risk flagged up by the Court of Appeal in 2013, when justices said that it was not clear that UK personnel will be immune from criminal liability for their involvement in a programme that involves the transfer of intelligence from an intelligence service here to an American partner and where that American partner uses that information to conduct drone strikes that involve the loss of life. Confidence levels differ, but we in the Committee are pretty confident about the legal safeguards around those kinds of operations in this country. We can be less sure about the safeguards that some of our partners around the world have in place. The Court of Appeal has expressed its view, which was reinforced in 2016 by the Joint Committee on Human Rights. The Committee echoed the finding that
“front-line personnel…should be entitled to more legal certainty”
than they have today.
This section of the Bill gives us the opportunity to ensure that our intelligence services are equipped with a much more robust framework than they have today, to ensure that they are not subject to the risks flagged by the Court of Appeal or by the Joint Committee on Human Rights.
We have shared intelligence with our partners, particularly in the Five Eyes network, for many moons. We have great specialism in that area. We have a number of RAF bases in this country and abroad with particularly important capabilities, and our facility in Cheltenham is pretty much the best in the world. We have to confront the challenge that the governance of some of our Five Eyes partners is perhaps not as cautious as the leadership of those countries was in the past. Since the election of President Trump, there has been a dramatic increase in the United States’ drone programme.
We need to face up to the challenge —not duck, ignore, or pretend it is not there—that we want to  preserve the legal safeguards that ensure that our intelligence services can do their job. We want to ensure that there are good, strong, robust arrangements for sharing intelligence with our partners.
We do not want to jeopardise our intelligence services or the information sharing agreements because of the misuse of intelligence by our partners abroad. That is particularly important when our partners abroad are deploying legal force in countries such as Syria, northern Iraq and, increasingly, Yemen, where the number of drone strikes has increased by 288% in recent years.
On this clause, it is appropriate to say that we want to have a good debate about what the safeguards need to look like to ensure good and safe intelligence sharing between our agencies. We hope the Government will be open-minded and will acknowledge our objective. The life of our intelligence services is complicated enough without having to question whether what they are doing is legally viable and whether it will be subject to legal challenge in the future. I hope we can reflect on that correctly, because we are not entirely sure that the safeguards in the Bill are robust enough.

There is no amendment before the Committee. We are on clause 72. The right hon. Member for Birmingham, Hodge Hill made some comments, which I did not rule out of order. The Minister has indicated that she will respond to the wider issue of concerns about drones and national security at a later date. That is a matter for her. If the right hon. Gentleman is happy with that, and if the Minister is content, I will put the question that the clause stand part of the Bill.